CVE-2025-5234 – WordPress Gutenverse News Plugin Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5234

Published : June 19, 2025, 10:15 a.m. | 21 minutes ago

Description : The Gutenverse News plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘elementId’ parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleKiCad Consiglia agli Utenti GNU/Linux di Rimanere su X11 per la Progettazione Professionale di Circuiti Stampati

Next Article CVE-2025-5071 – WordPress AI Engine Plugin Unauthenticated Privilege Escalation and Data Deletion Vulnerability

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2025-5234 – WordPress Gutenverse News Plugin Stored Cross-Site Scripting Vulnerability

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

A Blade-Only Starter Kit for Laravel 12 Projects

Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices

CVE-2024-11739 – Case Informatics Case ERP SQL Injection

OpenAI’s ChatGPT claims neither Sam Altman nor Elon Musk is suited to advance AI if humanity is at stake — as Microsoft Copilot throws the ball back in the court

I was skeptical about big-screen laptops, but this Acer model is my new go-to for work

Implementing Modern Web Design Trends with Website Builders in 2025

CVE-2025-4640 – “PCL Zlib Out-of-bounds Write Overflow”

Meta’s Llama 4 ‘herd’ controversy and AI contamination, explained

CVE-2025-5234 – WordPress Gutenverse News Plugin Stored Cross-Site Scripting Vulnerability

Related Posts